8.7
CVE-2025-0064
- EPSS 0.06%
- Veröffentlicht 11.02.2025 01:15:09
- Zuletzt bearbeitet 23.10.2025 18:41:05
- Quelle cna@sap.com
- CVE-Watchlists
- Unerledigt
Improper Authorization in SAP BusinessObjects Business Intelligence platform (Central Management Console)
Under specific conditions, the Central Management Console of the SAP BusinessObjects Business Intelligence platform allows an attacker with admin rights to generate or retrieve a secret passphrase, enabling them to impersonate any user in the system. This results in a high impact on confidentiality and integrity, with no impact on availability.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SAP ≫ Businessobjects Business Intelligence Platform Version430 SwEditionenterprise
SAP ≫ Businessobjects Business Intelligence Platform Version2025 SwEdition-
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.06% | 0.18 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 1.2 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
|
| cna@sap.com | 8.7 | 2.3 | 5.8 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
|
CWE-732 Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.